nanog mailing list archives

RE: DNS - connection limit (without any extra hardware)


From: "Frank Bulk" <frnkblk () iname com>
Date: Fri, 8 Dec 2006 17:19:21 -0600

You could also look at Cloudshield.  I was following the EveryDNS issue this
weekend and this item among the regular VON press release blast jumped out
at me:
http://www.cloudshield.com/news_events/2006_Releases/EveryDNS%20FINAL.pdf
 
Regards,
 
Frank

  _____  

From: Frank Bulk 
Sent: Friday, December 08, 2006 8:59 AM
To: 'nanog () nanog org'
Subject: DNS - connection limit (without any extra hardware)


Hi,
as a consequence of a virus spread through my customer base, I often receive
big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed denial-of-service attempt.
I can't blacklist them on my DNSs, because the infected clients are too
many.

For this reason, I would like a DNS server to respond to a maximum of 10
queries per second from every single IP address.
Does anybody know a solution using just iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?

Thanks
Best Regards

Luke
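
The per-source limit Luke asks for can be done with netfilter's hashlimit match alone, no extra hardware. The script below is an added example written for this archive page, not something posted in the thread. It assumes a Linux resolver with iptables and the xt_hashlimit module, uses a hypothetical chain name DNS_LIMIT, and treats the rate (10/s, from the question) and the burst (20, chosen here) as tunables. It prints the rules by default and applies them only when told to.

```shell
#!/bin/sh
# Added example, not from the thread: per-source-IP DNS query rate limiting
# with netfilter's hashlimit match. Assumptions: Linux, iptables with the
# xt_hashlimit module, a resolver listening on port 53. Rate and burst are
# illustrative tunables; the 10/s figure comes from the question.
set -u

RATE="10/sec"      # steady-state queries per second allowed per source address
BURST="20"         # queries a source may send at once before the limit bites
CHAIN="DNS_LIMIT"  # hypothetical dedicated chain: easy to inspect, flush, remove

# Print the ruleset instead of applying it, so it can be reviewed (or tested)
# before touching a production resolver. Order matters: the hashlimit rule
# RETURNs sources still under their per-IP budget to normal INPUT processing;
# everything that falls through it is over budget, gets logged (the LOG rule
# is itself limited so the log cannot become a second DoS) and dropped.
# hashlimit keys on the source address (--hashlimit-mode srcip), so each
# infected client gets its own token bucket and one noisy host cannot starve
# the others. DNS over UDP is stateless, so no conntrack state is involved.
# On iptables releases of the thread's era the option --hashlimit-upto was
# spelled --hashlimit; the rest of the syntax is the same.
dns_limit_rules() {
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m hashlimit --hashlimit-name dns --hashlimit-mode srcip --hashlimit-upto $RATE --hashlimit-burst $BURST -j RETURN
iptables -A $CHAIN -m limit --limit 1/min -j LOG --log-prefix "DNS-LIMIT "
iptables -A $CHAIN -j DROP
iptables -I INPUT -p udp --dport 53 -j $CHAIN
iptables -I INPUT -p tcp --dport 53 --syn -j $CHAIN
EOF
}

# Number of rules that would be installed; handy for a sanity check.
dns_limit_rule_count() {
    dns_limit_rules | wc -l | tr -d ' '
}

# Undo: remove the jumps from INPUT first, then flush and delete the chain.
dns_limit_teardown_rules() {
    cat <<EOF
iptables -D INPUT -p udp --dport 53 -j $CHAIN
iptables -D INPUT -p tcp --dport 53 --syn -j $CHAIN
iptables -F $CHAIN
iptables -X $CHAIN
EOF
}

case "${1:-show}" in
    show)     dns_limit_rules ;;
    apply)    dns_limit_rules | sh -e ;;
    teardown) dns_limit_teardown_rules | sh -e ;;
    *)        echo "usage: $0 [show|apply|teardown]" >&2; exit 2 ;;
esac
```

Run it with show to review the rules, apply (as root) to install them, and teardown to remove them. Because the bucket is per source address, well-behaved clients keep working while each infected host is capped on its own; a subnet-wide limit would let one bad host take its neighbours down with it. BIND itself had no per-client query rate limiting at the time of the thread (response rate limiting arrived years later), which is why the netfilter route is the one that fits the question as asked.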


